You are using an outdated browser. Please upgrade your browser to improve your experience.
Report: Apple's Two-Step Authentication Doesn't Protect iCloud Data

Report: Apple's Two-Step Authentication Doesn't Protect iCloud Data

May 31, 2013
Apple launched a new two-step authentication system for iCloud back in March, and rolled the feature out internationally a couple of months later. According to a new report, however, iDevice users should be aware that Apple's two-step authentication does not protect iCloud backups, and nevertheless leaves users vulnerable to the kind of hack which last year controversially struck Wired's Matt Honan. The report, from ElcomSoft, explains:
In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device. In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information. In ElcomSoft’s opinion, this is just not the right way to do this from a security point of view. iCloud has been exploited in the past and will be exploited in the future.
While Apple does not claim that its two-step authentication method protects users from the above issue, iDevice owners should of course be aware that their smartphone or tablet is vulnerable to the kind of attack outlined by ElcomSoft. The report continues to explain that knowing a user's Apple ID and password provides full and complete access to iCloud backups, data, et al., without even activating Apple's two-step authentication system. With such information, the entire contents of one's iPhone or iPad could be cloud-restored onto a blank iDevice, and accessed from anywhere in the world. With WWDC 2013 set to commence in a mere 10 days, it could be that further security improvements to iCloud are just around the corner. In the meantime, visit ElcomSoft for a full breakdown of the report's findings. Image credit: CNET See also: Apple Increases iPad, iPod Pricing In Its Japanese Online StoreNuance Confirms That Its Software Powers Siri's Voice Recognition, and Apple's iPhone Sales In India Are Up An Impressive 400 Percent.

Related articles